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CLAIMS 

A method for control of mobile packet flows forwarded on the DP based user plane 
characterized by 

a. controlling the individual packet flows from a common IP based control plane 
provided with midcom agents (15), said control being provided by: 

b. each flow registering its presence in each middlebox (13, 14) it encounters on its way 
from its source to its destination at the user plane, and 

c. in response to this each middlebox registering (16) itself and the mobile flows it 
handles at an midcom agent (15) at the control plane with which they communicate 
using an extended midcom signalling protocol, 

d. the midcom agent, now having knowledge of the registered flows, signalling (1 7) 
control orders to the middleboxes that registered, said orders pertaining to the 
handling of the flows at the respective middleboxes. 

A method in accordance with claim 1 characterized by the midcom agent sending 
its control orders to an individual flow via the middlebox at which said packet flow 
registers. 

A method in accordance with claim 1 characterized by the midcom agent sending 
its control orders to an individual flow via another midcom agent (21) than that at 
which the flow registered. 

A method in accordance with claim 1 characterized by the midcom agent using the 
identity of the middlebox (MID) that registered in order to find the functionality the 
middlebox has and provide a corresponding control order that it sends to the 
middlebox. 

A method in accordance with claim 1, wherein the midcom agent controls a number 
of middleboxes provided in a network characterized by 

a. an ingress middlebox (IN), sitting the edge of the network where an individual flow 
enters the network, filtering out (36) control messages and tunnelling them to the 
midcom agent, and 

b. the midcom agent in response sending control messages to each of the middleboxes it 
controls, this dividing the IP layer into an IP control layer and an IP user plane. 
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A method in accordance with claim 1 characterized by the midcom agent uses a 
routing table to send the control messages to the respective middleboxes on the IP 
control plane using an extended midcom protocol. 

A method in accordance with claim 1 characterized by the midcom agent sends the 
control messages to the middleboxes by first sending them to the ingress middlebox 
(IN) from which they are sent in the same channel as the user data. 

A method in accordance with claim 1, wherein a domain (22; 23) comprises 
middleboxes and a midcom agent (15; 21) controlling these characterized by 

a. forwarding control messages from one domain to another by having an ingress 
middlebox, sitting the edge of a network which an individual flow enters, 

b. filtering out control messages and tunnelling them to the midcom agent, 

c. and the midcom agent forwarding them to an egress middlebox at which the flow 
exits the network. 

A method in accordance with claim 8 characterized by exchanging step c. for the 
step of returning the signalling message to the ingress middlebox (IN) from where it 
is forwarded along same path as the user data flow. 

A method in accordance with claim 1 characterized by several midcom agents (15, 
21), provided at the IP control plane, simultaneously controlling one and the same 
flow. 

A midcom agent characterized by a plurality of control function sets, each set 
relating to the operation of an individual middlebox, and comprising control orders 
for control of the operation of the corresponding middlebox. 

A communication system comprising a plurality of IP based networks (38, 42, 44, 
45, 48) and a session controller (2) for set up of a communication path that traverses 
selected one of the networks, each selected network having an ingress middlebox 
(IN) at which a user flow enters the network and an egress middlebox (EN) at which 
the flow exits the network, characterized by each network comprising a midcom 
agent (15; 21) sitting at an IP control plane (4), a plurality of middleboxes (13, 14, 
23, 24) sitting at an IP user plane (6), an extended midcom protocol allowing for 
communication between the midcom agent and the middleboxes, said middleboxes 
being adapted to detect a user flow and register its identity (FID) at the midcom 
agent together with the identity of the middlebox at which the flow was detected (16; 
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28, 29), said midcom agent in response to a combined flow and middlebox 
registration sending a flow control order (17) to the middlebox over the extended 
midcom protocol, said flow control order instructing the middlebox how to handle 
the detected flow. 



